You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by tr...@apache.org on 2008/05/14 06:50:17 UTC
svn commit: r656102 - in /mina:
branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/
branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/
trunk/core/src/main/java/org/apache/mina/filter/ssl/
Author: trustin
Date: Tue May 13 21:50:17 2008
New Revision: 656102
URL: http://svn.apache.org/viewvc?rev=656102&view=rev
Log:
Resolved issue: DIRMINA-580 (Session Idle times out when SSL is enabled)
* Applied the best patch suggested by Janardhanan
Modified:
mina/branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java
mina/branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java
mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
Modified: mina/branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java
URL: http://svn.apache.org/viewvc/mina/branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java?rev=656102&r1=656101&r2=656102&view=diff
==============================================================================
--- mina/branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java (original)
+++ mina/branches/1.0/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java Tue May 13 21:50:17 2008
@@ -6,16 +6,16 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
- *
+ * under the License.
+ *
*/
package org.apache.mina.filter.support;
@@ -92,7 +92,7 @@
private SSLEngineResult.HandshakeStatus handshakeStatus;
private boolean initialHandshakeComplete;
-
+
/**
* Handshake complete?
*/
@@ -104,13 +104,13 @@
* Constuctor.
*
* @param sslc
- * @throws SSLException
+ * @throws SSLException
*/
public SSLHandler(SSLFilter parent, SSLContext sslc, IoSession session)
throws SSLException {
this.parent = parent;
this.session = session;
- this.ctx = sslc;
+ ctx = sslc;
init();
}
@@ -222,7 +222,7 @@
* Check if there is any need to complete handshake.
*/
public boolean needToCompleteHandshake() {
- return (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP && !isInboundDone());
+ return handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP && !isInboundDone();
}
public void schedulePreHandshakeWriteRequest(NextFilter nextFilter,
@@ -263,7 +263,7 @@
}
Event e;
-
+
// We need synchronization here inevitably because filterWrite can be
// called simultaneously and cause 'bad record MAC' integrity error.
synchronized (this) {
@@ -271,7 +271,7 @@
e.nextFilter.filterWrite(session, (WriteRequest) e.data);
}
}
-
+
while ((e = (Event) messageReceivedEventQueue.poll()) != null) {
e.nextFilter.messageReceived(session, e.data);
}
@@ -290,7 +290,7 @@
if (buf.limit() > inNetBuffer.remaining()) {
// We have to expand inNetBuffer
inNetBuffer = SSLByteBufferPool.expandBuffer(inNetBuffer,
- inNetBuffer.capacity() + (buf.limit() * 2));
+ inNetBuffer.capacity() + buf.limit() * 2);
// We also expand app. buffer (twice the size of in net. buffer)
appBuffer = SSLByteBufferPool.expandBuffer(appBuffer, inNetBuffer
.capacity() * 2);
@@ -354,8 +354,8 @@
// Loop until there is no more data in src
while (src.hasRemaining()) {
- if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
- .position()) / 2)) {
+ if (src.remaining() > (outNetBuffer.capacity() - outNetBuffer
+ .position()) / 2) {
// We have to expand outNetBuffer
// Note: there is no way to know the exact size required, but enrypted data
// shouln't need to be larger than twice the source data size?
@@ -388,7 +388,7 @@
/**
* Start SSL shutdown process.
- *
+ *
* @return <tt>true</tt> if shutdown process is started.
* <tt>false</tt> if shutdown process is already finished.
*
@@ -432,9 +432,9 @@
*/
private void checkStatus(SSLEngineResult res)
throws SSLException {
-
+
SSLEngineResult.Status status = res.getStatus();
-
+
/*
* The status may be:
* OK - Normal operation
@@ -494,8 +494,9 @@
" handshakeStatus=NEED_UNWRAP");
}
SSLEngineResult.Status status = unwrapHandshake(nextFilter);
- if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW
- || isInboundDone()) {
+ if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW &&
+ handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ||
+ isInboundDone()) {
// We need more data or the session is closed
break;
}
@@ -604,9 +605,9 @@
// prepare to be written again
inNetBuffer.compact();
-
+
checkStatus(res);
-
+
renegotiateIfNeeded(nextFilter, res);
}
@@ -629,7 +630,7 @@
&& res.getStatus() == SSLEngineResult.Status.OK
&& inNetBuffer.hasRemaining()) {
res = unwrap0();
-
+
// prepare to be written again
inNetBuffer.compact();
@@ -669,7 +670,7 @@
} while (res.getStatus() == SSLEngineResult.Status.OK
&& (handshakeComplete && res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING
|| res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP));
-
+
return res;
}
Modified: mina/branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java
URL: http://svn.apache.org/viewvc/mina/branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java?rev=656102&r1=656101&r2=656102&view=diff
==============================================================================
--- mina/branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java (original)
+++ mina/branches/1.1/filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java Tue May 13 21:50:17 2008
@@ -91,7 +91,7 @@
private SSLEngineResult.HandshakeStatus handshakeStatus;
private boolean initialHandshakeComplete;
-
+
/**
* Handshake complete?
*/
@@ -109,7 +109,7 @@
throws SSLException {
this.parent = parent;
this.session = session;
- this.ctx = sslc;
+ ctx = sslc;
init();
}
@@ -221,7 +221,7 @@
* Check if there is any need to complete handshake.
*/
public boolean needToCompleteHandshake() {
- return (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP && !isInboundDone());
+ return handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP && !isInboundDone();
}
public void schedulePreHandshakeWriteRequest(NextFilter nextFilter,
@@ -254,7 +254,7 @@
messageReceivedEventQueue.offer(new Event(EventType.RECEIVED, nextFilter,
message));
}
-
+
public void flushScheduledEvents() {
// Fire events only when no lock is hold for this handler.
if (Thread.holdsLock(this)) {
@@ -262,7 +262,7 @@
}
Event e;
-
+
// We need synchronization here inevitably because filterWrite can be
// called simultaneously and cause 'bad record MAC' integrity error.
synchronized (this) {
@@ -289,7 +289,7 @@
if (buf.limit() > inNetBuffer.remaining()) {
// We have to expand inNetBuffer
inNetBuffer = SSLByteBufferPool.expandBuffer(inNetBuffer,
- inNetBuffer.capacity() + (buf.limit() * 2));
+ inNetBuffer.capacity() + buf.limit() * 2);
// We also expand app. buffer (twice the size of in net. buffer)
appBuffer = SSLByteBufferPool.expandBuffer(appBuffer, inNetBuffer
.capacity() * 2);
@@ -351,8 +351,8 @@
// Loop until there is no more data in src
while (src.hasRemaining()) {
- if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
- .position()) / 2)) {
+ if (src.remaining() > (outNetBuffer.capacity() - outNetBuffer
+ .position()) / 2) {
// We have to expand outNetBuffer
// Note: there is no way to know the exact size required, but enrypted data
// shouln't need to be larger than twice the source data size?
@@ -429,9 +429,9 @@
*/
private void checkStatus(SSLEngineResult res)
throws SSLException {
-
+
SSLEngineResult.Status status = res.getStatus();
-
+
/*
* The status may be:
* OK - Normal operation
@@ -491,8 +491,9 @@
" handshakeStatus=NEED_UNWRAP");
}
SSLEngineResult.Status status = unwrapHandshake(nextFilter);
- if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW
- || isInboundDone()) {
+ if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW &&
+ handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ||
+ isInboundDone()) {
// We need more data or the session is closed
break;
}
@@ -596,9 +597,9 @@
// prepare to be written again
inNetBuffer.compact();
-
+
checkStatus(res);
-
+
renegotiateIfNeeded(nextFilter, res);
}
@@ -621,7 +622,7 @@
&& res.getStatus() == SSLEngineResult.Status.OK
&& inNetBuffer.hasRemaining()) {
res = unwrap0();
-
+
// prepare to be written again
inNetBuffer.compact();
@@ -661,7 +662,7 @@
} while (res.getStatus() == SSLEngineResult.Status.OK
&& (handshakeComplete && res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING
|| res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP));
-
+
return res;
}
@@ -718,6 +719,7 @@
this.value = value;
}
+ @Override
public String toString() {
return value;
}
Modified: mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
URL: http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java?rev=656102&r1=656101&r2=656102&view=diff
==============================================================================
--- mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java (original)
+++ mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java Tue May 13 21:50:17 2008
@@ -55,7 +55,7 @@
* @version $Rev$, $Date$
*/
class SslHandler {
-
+
private final Logger logger = LoggerFactory.getLogger(getClass());
private final SslFilter parent;
private final SSLContext ctx;
@@ -100,7 +100,7 @@
throws SSLException {
this.parent = parent;
this.session = session;
- this.ctx = sslc;
+ ctx = sslc;
init();
}
@@ -136,7 +136,7 @@
sslEngine.beginHandshake();
handshakeStatus = sslEngine.getHandshakeStatus();
-
+
handshakeComplete = false;
initialHandshakeComplete = false;
writingEncryptedData = false;
@@ -158,7 +158,7 @@
"Unexpected exception from SSLEngine.closeInbound().", e);
}
-
+
if (outNetBuffer != null) {
outNetBuffer.capacity(sslEngine.getSession().getPacketBufferSize());
} else {
@@ -280,7 +280,7 @@
if (inNetBuffer == null) {
inNetBuffer = IoBuffer.allocate(buf.remaining()).setAutoExpand(true);
}
-
+
inNetBuffer.put(buf);
if (!handshakeComplete) {
handshake(nextFilter);
@@ -317,7 +317,7 @@
if (answer == null) {
return emptyBuffer;
}
-
+
outNetBuffer = null;
return answer.shrink();
}
@@ -332,7 +332,7 @@
if (!handshakeComplete) {
throw new IllegalStateException();
}
-
+
if (!src.hasRemaining()) {
if (outNetBuffer == null) {
outNetBuffer = emptyBuffer;
@@ -459,8 +459,9 @@
} else if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
// we need more data read
SSLEngineResult.Status status = unwrapHandshake(nextFilter);
- if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW
- || isInboundDone()) {
+ if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW &&
+ handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ||
+ isInboundDone()) {
// We need more data or the session is closed
break;
}
@@ -470,7 +471,7 @@
if (outNetBuffer != null && outNetBuffer.hasRemaining()) {
break;
}
-
+
SSLEngineResult result;
createOutNetBuffer(0);
for (;;) {
@@ -499,7 +500,7 @@
int capacity = Math.max(
expectedRemaining,
sslEngine.getSession().getPacketBufferSize());
-
+
if (outNetBuffer != null) {
outNetBuffer.capacity(capacity);
} else {
@@ -538,7 +539,7 @@
newSsle.initCause(ssle);
throw newSsle;
}
-
+
IoBuffer outNetBuffer = fetchOutNetBuffer();
if (outNetBuffer != null && outNetBuffer.hasRemaining()) {
writeFuture = new DefaultWriteFuture(session);
@@ -582,7 +583,7 @@
if (inNetBuffer != null) {
inNetBuffer.flip();
}
-
+
if (inNetBuffer == null || !inNetBuffer.hasRemaining()) {
// Need more data.
return SSLEngineResult.Status.BUFFER_UNDERFLOW;
@@ -638,7 +639,7 @@
} else {
appBuffer.expand(inNetBuffer.remaining());
}
-
+
SSLEngineResult res;
do {
res = sslEngine.unwrap(inNetBuffer.buf(), appBuffer.buf());